[ https://issues.apache.org/jira/browse/METRON-2065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ryan Merriman updated METRON-2065:
----------------------------------
    Fix Version/s: Next + 1

> Setting Parser Output Topic in Sensor Config is broken
> ------------------------------------------------------
>
>                 Key: METRON-2065
>                 URL: https://issues.apache.org/jira/browse/METRON-2065
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Mohan
>            Assignee: Ryan Merriman
>            Priority: Major
>             Fix For: Next + 1
>
>         Attachments: Screen Shot 2019-04-05 at 7.45.36 PM.png
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Log in to the management console.
> Edit the parser config: Advanced > Raw JSON  !Screen Shot 2019-04-05 at 7.45.36 PM.png!
> Change the output topic for the 'snort' sensor.
> Verify that the changes have taken effect using the Stellar shell:
> {code:java}
> [Stellar]>>> conf := CONFIG_GET("PARSER","snort")
> {
>   "parserClassName" : "org.apache.metron.parsers.snort.BasicSnortParser",
>   "sensorTopic" : "snort",
>   "outputTopic" : "new-topic",
>   "readMetadata" : false, "mergeMetadata" : false,
>   "spoutParallelism" : 1, "spoutNumTasks" : 1,
>   "parserParallelism" : 1, "parserNumTasks" : 1,
>   "errorWriterParallelism" : 1, "errorWriterNumTasks" : 1,
>   "spoutConfig" : { }, "stormConfig" : { }, "parserConfig" : { },
>   "fieldTransformations" : [ ], "cacheConfig" : { },
>   "rawMessageStrategy" : "DEFAULT", "rawMessageStrategyConfig" : { }
> }
> {code}
> Publish the message to the 'snort' topic.
> I used the console consumer to validate that output is being piped into "new_topic" and verified that no messages were sent to the topic:
> {code:java}
> [metron@nat-r7-udos-metron-1 bin]$ ./kafka-console-consumer.sh --zookeeper $ZOOKEEPER --security-protocol PLAINTEXTSASL --topic new-topic
> Using the ConsoleConsumer with old consumer is deprecated and will be removed in a future major release. Consider using the new consumer by passing [bootstrap-server] instead of [zookeeper].
> [2019-04-05 14:08:08,796] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
> [2019-04-05 14:08:09,005] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
> {code}
> whereas I see that the messages were sent to the "enrichments" topic:
> {code:java}
> [metron@nat-r7-udos-metron-1 bin]$ ./kafka-console-consumer.sh --zookeeper $ZOOKEEPER --security-protocol PLAINTEXTSASL --topic enrichments
> Using the ConsoleConsumer with old consumer is deprecated and will be removed in a future major release. Consider using the new consumer by passing [bootstrap-server] instead of [zookeeper].
> [2019-04-05 14:10:18,930] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
> [2019-04-05 14:10:19,095] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
> {"msg":"snort test alert","sig_rev":"0","ip_dst_port":"80","ethsrc":"00:00:00:00:00:00","tcpseq":"0xF017C4DA","dgmlen":"40","icmpid":"","tcplen":"","tcpwindow":"0xF6C9","icmpseq":"","tcpack":"0xABDB8426","protocol":"TCP","ip_dst_addr":"62.75.195.236","original_string":"09\/09\/16-09:09:09.844676 ,1,999158,0,\"snort test alert\",TCP,192.168.138.160,49188,62.75.195.236,80,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xF017C4DA,0xABDB8426,,0xF6C9,128,0,2319,40,40960,,,,","icmpcode":"","tos":"0","id":"2319","ip_src_addr":"192.168.138.160","timestamp":1473412149844,"ethdst":"00:00:00:00:00:00","is_alert":"true","ttl":"128","source.type":"snort","ethlen":"0x3C","iplen":"40960","icmptype":"","ip_src_port":"49188","tcpflags":"***A****","guid":"11fb0141-9c45-4787-a9a4-ad725ed0318f","sig_id":"999158","sig_generator":"1"}
> {"msg":"snort test alert","sig_rev":"0","ip_dst_port":"80","ethsrc":"00:00:00:00:00:00","tcpseq":"0xF017C4DA","dgmlen":"40","icmpid":"","tcplen":"","tcpwindow":"0xF6C9","icmpseq":"","tcpack":"0xABDB8426","protocol":"TCP","ip_dst_addr":"62.75.195.236","original_string":"09\/09\/16-09:09:09.844676 ,1,999158,0,\"snort test alert\",TCP,192.168.138.160,49188,62.75.195.236,80,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xF017C4DA,0xABDB8426,,0xF6C9,128,0,2319,40,40960,,,,","icmpcode":"","tos":"0","id":"2319","ip_src_addr":"192.168.138.160","timestamp":1473412149844,"ethdst":"00:00:00:00:00:00","is_alert":"true","ttl":"128","source.type":"snort","ethlen":"0x3C","iplen":"40960","icmptype":"","ip_src_port":"49188","tcpflags":"***A****","guid":"5cd4082f-06aa-4c92-8c72-a5d9c775b5d4","sig_id":"999158","sig_generator":"1"}
> {"msg":"snort test alert","sig_rev":"0","ip_dst_port":"80","ethsrc":"00:00:00:00:00:00","tcpseq":"0xF017C4DA","dgmlen":"40","icmpid":"","tcplen":"","tcpwindow":"0xF6C9","icmpseq":"","tcpack":"0xABDB8426","protocol":"TCP","ip_dst_addr":"62.75.195.236","original_string":"09\/09\/16-09:09:09.844676 ,1,999158,0,\"snort test alert\",TCP,192.168.138.160,49188,62.75.195.236,80,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xF017C4DA,0xABDB8426,,0xF6C9,128,0,2319,40,40960,,,,","icmpcode":"","tos":"0","id":"2319","ip_src_addr":"192.168.138.160","timestamp":1473412149844,"ethdst":"00:00:00:00:00:00","is_alert":"true","ttl":"128","source.type":"snort","ethlen":"0x3C","iplen":"40960","icmptype":"","ip_src_port":"49188","tcpflags":"***A****","guid":"b0e60bcd-261a-41e6-924f-de8c903f4f57","sig_id":"999158","sig_generator":"1"}
> {"msg":"snort test alert","sig_rev":"0","ip_dst_port":"80","ethsrc":"00:00:00:00:00:00","tcpseq":"0xF017C4DA","dgmlen":"40","icmpid":"","tcplen":"","tcpwindow":"0xF6C9","icmpseq":"","tcpack":"0xABDB8426","protocol":"TCP","ip_dst_addr":"62.75.195.236","original_string":"09\/09\/16-09:09:09.844676 ,1,999158,0,\"snort test alert\",TCP,192.168.138.160,49188,62.75.195.236,80,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xF017C4DA,0xABDB8426,,0xF6C9,128,0,2319,40,40960,,,,","icmpcode":"","tos":"0","id":"2319","ip_src_addr":"192.168.138.160","timestamp":1473412149844,"ethdst":"00:00:00:00:00:00","is_alert":"true","ttl":"128","source.type":"snort","ethlen":"0x3C","iplen":"40960","icmptype":"","ip_src_port":"49188","tcpflags":"***A****","guid":"b29029b6-9b9d-4c5f-810c-2bd816126ffa","sig_id":"999158","sig_generator":"1"}
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
